Over the last few years, it has become increasingly apparent that bugs in the Linux kernel are being exploited on deployed systems. Even when these are fixed promptly upstream, the realities of deployment mean that systems and their users can remain vulnerable for long periods afterwards.
In response to this, effort has been placed into kernel hardening: modifying the kernel to reduce the attack surface, making entire classes of attack more difficult if not impossible. A number of hardening features have made it into the mainline Linux kernel, and while not a perfect defence, the use of these features can help to mitigate the impact of bugs not yet fixed or even known about.
This presentation will cover hardening features available in the mainline Linux kernel, what they protect against, and their limitations. Attendees can learn the benefits and trade-offs of these features.
